-
-
Notifications
You must be signed in to change notification settings - Fork 9.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validity of unquoted space in mail address #804
Comments
I agree - if you'd like to tweak the regex to not allow this specific case, be my guest, but not like your #805 PR just did! |
As far as I investigated, the issue seems to be around this on the page:
However, dealing with the regex is a bit tricky. Do you have any recommendations @Synchro? I tried using https://regex101.com/ but it's still complex :) |
It's a shame that Squiloople has gone, so good thinking on looking for it in wayback! You can see that I asked exactly the question you did in May 2013. you can also see that Rasmus (of PHP) was there too, which is why that pattern ended up in It's very tempting to remove all support for comments and FWS since they are mainly only for presentation purposes, which isn't PHPMailer's business - neither are valid for actual sending in 5321. I suspect that allowing them is the underlying problem in #429 and is also what was the cause of the security issue fixed in 6687a96. I wonder if there is an RFC-recommended method for removing comments and FWS? Sqiloople did suggest a pattern that dropped FWS and comments that might be a more relevant default pattern to use, so that might be worth a look. At the time it was written the main difference between the sqiloople pattern and PHP's stock one was that it allowed dotless We could just do that in PHPMailer 6, since it's still not final. |
@bor0 What do you think of this? I've simplified it a lot, removed quite a bit of old stuff. It defaults to straight |
@Synchro, looks good! But the If we go ahead with that change imo we should remove those comments and also document what would break as you said. |
Those comments are just signposts for those updating legacy code - it's common for some to use That said, anyone looking at the code might wonder why those options even appear in the switch if they were not aware it used to be an option in old versions, hence the comments. We could just call it something else "this used to be an option" or something. |
We have:
According to the tests written, it seems like this was done on purpose.
Using OS X Mail, it complains it's not a valid e-mail address.
Also, per the RFC:
In my understanding,
SHOULD NOT
is used because it is allowed in some cases (e.g. when surrounded by quotes), which is not the case fortest @test.com
.Additionally, there are inconsistencies when using different patterns:
Returns:
So in my opinion, pcre8 should also return
nok
for that e-mail address (it's okay that noregex returnsok
since that one is a really simple one).The text was updated successfully, but these errors were encountered: